7.5

CVE-2026-52974

net: tls: fix strparser anchor skb leak on offload RX setup failure

In the Linux kernel, the following vulnerability has been resolved:

net: tls: fix strparser anchor skb leak on offload RX setup failure

When tls_set_device_offload_rx() fails at tls_dev_add(), the error path
calls tls_sw_free_resources_rx() to clean up the SW context that was
initialized by tls_set_sw_offload(). This function calls
tls_sw_release_resources_rx() (which stops the strparser via
tls_strp_stop()) and tls_sw_free_ctx_rx() (which kfrees the context),
but never frees the anchor skb that was allocated by alloc_skb(0) in
tls_strp_init().

Note that tls_sw_free_resources_rx() is exclusively used for this
"failed to start offload" code path, there's no other caller.

The leak did not exist before commit 84c61fe1a75b ("tls: rx: do not use
the standard strparser"), because the standard strparser doesn't try
to pre-allocate an skb.

The normal close path in tls_sk_proto_close() handles cleanup by calling
tls_sw_strparser_done() (which calls tls_strp_done()) after dropping
the socket lock, because tls_strp_done() does cancel_work_sync() and
the strparser work handler takes the socket lock.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version 84c61fe1a75b4255df1e1e7c054c9e6d048da417
Version < 0c9f399b37ce22a5ed94cc51f03ed07ac7f38e32
Status affected
Version 84c61fe1a75b4255df1e1e7c054c9e6d048da417
Version < 688f12aa44511dd57e448eb670075c6302ad1dc1
Status affected
Version 84c61fe1a75b4255df1e1e7c054c9e6d048da417
Version < 3c405dfa9619e506e75b8e41f8b29a5b99731877
Status affected
Version 84c61fe1a75b4255df1e1e7c054c9e6d048da417
Version < 9c54e76f8d6eb11735918777ef0e0509e089557d
Status affected
Version 84c61fe1a75b4255df1e1e7c054c9e6d048da417
Version < bd07fe6c38b9e44ff3fc02692a53f095c5cc9afc
Status affected
Version 84c61fe1a75b4255df1e1e7c054c9e6d048da417
Version < 58689498ca3384851145a754dbb1d8ed1cf9fb54
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version 6.0
Status affected
Version 0
Version < 6.0
Status unaffected
Version <= 6.1.*
Version 6.1.175
Status unaffected
Version <= 6.6.*
Version 6.6.141
Status unaffected
Version <= 6.12.*
Version 6.12.91
Status unaffected
Version <= 6.18.*
Version 6.18.33
Status unaffected
Version <= 7.0.*
Version 7.0.10
Status unaffected
Version <= *
Version 7.1
Status unaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.51% 0.394
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
416baaa9-dc9f-4396-8d5f-8c081fb06d67 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/0c9f399b37ce22a5ed94cc51f03ed07ac7f38e32
https://git.kernel.org/stable/c/688f12aa44511dd57e448eb670075c6302ad1dc1
https://git.kernel.org/stable/c/3c405dfa9619e506e75b8e41f8b29a5b99731877
https://git.kernel.org/stable/c/9c54e76f8d6eb11735918777ef0e0509e089557d
https://git.kernel.org/stable/c/bd07fe6c38b9e44ff3fc02692a53f095c5cc9afc
https://git.kernel.org/stable/c/58689498ca3384851145a754dbb1d8ed1cf9fb54